oss-sec mailing list archives

Re: CVE id request: mktemp

From: Sebastian Krahmer <krahmer () suse de>
Date: Mon, 18 Aug 2008 10:59:56 +0200


BTW, mktemp(1) is using O_EXCL anyway, so I dont see
an issue. Additionally all of our scripts use
more than 6 X' as also shown in the
example section of the manpage. We are not going to
release updates for this non-issue.

l8er,
Sebastian

On Fri, Aug 15, 2008 at 01:55:50PM +0200, Nico Golde wrote:

Hi,
mktemp (not the coreutils one) from 
ftp://ftp.mktemp.org/pub/mktemp/ is not generating fully 
random names. Steve, can you assign a CVE id to this?

This is 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495193
I wrote an explanation on why this happens, available on:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495193#30

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Current thread:

CVE id request: mktemp Nico Golde (Aug 15)
- Re: CVE id request: mktemp Todd C. Miller (Aug 15)
- Re: CVE id request: mktemp Sebastian Krahmer (Aug 18)
  - Re: CVE id request: mktemp Nico Golde (Aug 18)
    - Re: CVE id request: mktemp Todd C. Miller (Aug 18)
    - Re: CVE id request: mktemp Steven M. Christey (Aug 18)
    - Re: CVE id request: mktemp Nico Golde (Aug 18)
  - Re: CVE id request: mktemp Todd C. Miller (Aug 18)
    - Re: CVE id request: mktemp Nico Golde (Aug 18)